Research On The Network Operator's Information Security Protection Obligations

With the shift of global Internet governance to a multi-stakeholder model,the obligation of network operators to undertake more information security protection obligations has been admitted by many countries through the establishment of legal systems and rules.China has also established the relevant obligations through legislation.Under this background.this paper makes a comprehensive study on the information security protection obligations of network operators.The first part discusses the legitimacy basis of the network operator's information security protection obligations.one is that the network operator,as the opener of the dangerous source,needs to shoulder the obligation of security communication in the network space.The second comes from the need of limiting the private power of network operators on the Internet.The third is for protecting national information security and citizen information rights.And in line with the fundamental interests of the enterprise.The second part determines the content of network operator's information security protection obligations.Information security includes three parts,such as information system security,the security of information resources in the system and the security of information content,and the requirement on the behavior of network operators turns to active prevention.Network operator's information security protection obligations also include three kinds of obligations,the first is to protect information svystems from interference and destruction,the second is to prevent infringement of information resources,the third is to create a reliable content of the information environment.The third part determines the boundary of network operator's information security protection obligation.LUnder the premise of recognizing its compulsory nature,take the balance between the network operator.the government and the network user.In addition to taking the distinction ideas.it is necessary to follow the principle of legality.the principle od proportion and the limitation of due process to prevent the excessive expansion and absolute application of the obligations.The forth part summarizes the present situation of legislation.law enforcement and judicial status in China,and holds that although the legal and supporting system of network operator's information security protection obligation improve gradually.there are still three defects which are not conducive to the implementation of this obligation,one is that the design of legal rules embodies the maladies of government control doctrine,neglects the subjective initiative of network operators.Secondly,there is imbalance of rights protection in the legislative establishment,with attaching importance to the protection of national security and neglecting the protection of citizens'personal information rights.Third,with too much emphasis on the security of information at the content level and neglecting the identity of the subject of the obligation of network operators,the direction of regulation is biased.The last part is the improvement measures for the above problems.First of all.from the perspective of the overall regulation,public law and private law are needed.In private law,the network operator's information security protection obligation should be included in the scope of tort law.In public law.the establishment of administrative regulation is necessary,and the sub-obligation that plays a role in facilitating supervision is supplemented by the form of third-party obligations.Secondly,it is suggested that flexible control standards should be adopted for the establishment of administrative control clauses.and incentive measures should be put in place to mobilize the initiative of enterprises.At the same time.strengthen social supervision and user collaboration is necessary.Finally.in order to make up the deficiency of private right protection.it is necessary to straighten out the relationship bcetween the obligation of administrative regulation clause and the liability of private law,and admit that the violation of protective provisions in cyber security law can presume the fault of network operators.At the same time.the form of private law liability needs to be adjusted to supplementary liabiluty.